Rassoul Ghaznavi-zadeh has worked as a security consultant since 1999. He started as a network and security engineer, gaining knowledge in the enterprise area and working with standards and frameworks such as ISO, COBIT, HIPAA, SOC and PCI. With his help, a large number of organizations have reached the security they needed by carrying out tests and audits and by following his instructions and recommendations. It is for this reason that Ghaznavi-zadeh decided to write his book on ethical hacking centered on the Kali Linux distribution, which, as we already know, is one of the most widely used precisely for security audits. He recently gave an interview to Vpnmentor in which, besides his motivation and his views on some issues, he also shared the first chapter of his book:

Chapter 1- Ethical Hacking and Steps
By Rassoul Ghaznavi-zadeh

Ethical hacking is a process of investigating vulnerabilities in an environment, analysing them and using the information gathered to protect that environment from those vulnerabilities. Ethical hacking requires a legal and mutual agreement between the ethical hacker and the asset and system owners, with a defined and agreed scope of work. Any act outside of the agreed scope of work is illegal and not considered part of ethical hacking.

What is the purpose of this book?

The purpose of this book is to prepare the readers to be able to act and work as an ethical hacker. The techniques in this book must not be used on any production network without formal approval from the ultimate owners of the systems and assets. Using these techniques without approval can be illegal, can cause serious damage to others' intellectual property and is a crime.

What are the responsibilities of an Ethical Hacker?

As an Ethical hacker you have a clear responsibility about how you use your knowledge and techniques. It is also very important to understand what the expectations from an Ethical hacker are and what you should consider when assessing the security of a customer’s organization. Below are a couple of important things you must consider as an Ethical hacker:

- Must use your knowledge and tools only for legal purposes
- Only hack to identify security issues with the goal of defence
- Always seek management approval before starting any test
- Create a test plan with the exact parameters and goals of the test and get management approval for that plan
- Don’t forget, your job is to help strengthen the network and nothing else!

What are the customer’s expectations?

It is very important to understand the customer’s expectations before starting any work. The nature of this work (Ethical hacking) is high risk and requires a lot of attention; if you don’t have a clear understanding of their requirements and expectations, the end result might not be what they want and your time and effort will be wasted. This could also have some legal implications if you don’t follow the rules and address the customer’s expectations. Below are some important things you should note:

- You should work with the customer to define goals and expectations
- Don’t surprise or embarrass them by the issues that you might find
- Keep the results and information confidential all the time
- The company usually owns the resultant data, not you
- Customers expect full disclosure on problems and fixes

What are the required skills of the hacker?

To be an Ethical hacker you should have extensive knowledge about a range of devices and systems. Ideally you should have multiple years of experience in the IT industry and be familiar with different hardware, software and networking technologies. Some of the important skills required to be an Ethical hacker are as below:

- Should already be a security expert in other areas (perimeter security, etc.)
- Should already have experience as a network or systems administrator
- Experience on a wide variety of Operating Systems such as Windows, Linux, UNIX, etc.
- Extensive knowledge of TCP/IP – Ports, Protocols, Layers
- Common knowledge about security and vulnerabilities and how to correct them
- Must be familiar with hacking tools and techniques (We will cover this in this book)

How to get prepared for the Preparation testing

Once you want to start a penetration project, there are a number of things that you need to consider. Remember, without following the proper steps, getting approvals and finalizing an agreement with the customer, using these techniques is illegal and against the law. Important things to consider before you start:

- Get signed approval for all tests from the customer
- You need to sign a confidentiality agreement (NDA)
- Get approval of collateral parties (ISPs)
- Put together team and tools and get ready for the tests
- Define goals (DoS, Penetration, etc.)
- Set the ground rules (rules of engagement with the customer and team)
- Set the schedule (non-work hours, weekends?)
- Notify appropriate parties (Sys admin, Security department, Legal department, law enforcement)

https://www.vpnmentor.com/blog/kali-linux-a-guide-to-ethical-hacking/